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IN THE CLAIMS : 

Pending claims follow. 



1 , (Original) A method of scanning a communication received at a 
firewall for target content, wherein the communication is directed to one of a set of 
computer nodes connected to the firewall, comprising: 

maintaining on the firewall a scanning module configured to scan 
communications received at the firewall; 

maintaining a set of criteria for determining when one of said 
communications may be scanned at a computer node connected to the 
firewall instead of at the firewall; 

partitioning responsibility for scanning said communications between 
said firewall and a first computer node connected to the firewall; 

receiving a first communication at the firewall, wherein said first 
communication is intended for said first computer node; 

identifying one or more attributes of said first communication; 

determining from said criteria and said attributes whether to scan said 
first communication for target content on the firewall; 

determining from said criteria and said attributes whether said first 
computer node is configured to scan said first communication for said target 
content; and 

forwarding said first communication to said first computer node; 
wherein said first computer node receives and scans the 
communication for said target content. 

2. (Original) The method of claim 1, further comprising: 
receiving a second communication at the firewall, wherein said 

second communication is intended for a second computer node; 

identifying one or more attributes of said second communication; 
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determining from said criteria and said attributes of said second 
communication whether said second computer node is permitted to scan said 
second communication for predetermined content, 

scanning said second communication at the firewall for said 
predetermined content; and 

forwarding said second communication to said second computer 

node; 

wherein said second computer node receives but does not scan said 
second communication for said predetermined content 

3. (Original) The method of claim 2, further comprising marking said 
second communication before said forwarding to said second computer node. 

4. (Original) The method of claim 1, wherein said partitioning 
comprises: 

receiving scanning capabilities of a first computer node connected to 
the firewall; 

consulting a set of scanning requirements specified by an operator of 
the firewall; and 

specifying a set of criteria to identify when a communication may be 
scanned for target content by said first computer node. 

5. (Original) The method of claim 4, wherein said partitioning further 
comprises receiving a set of proposed criteria from said first computer node. 

6. (Original) The method of claim 1, wherein said determining 
comprises: 

identifying whether said firewall is capable of scanning said first 
communication for target content; 

determining whether said firewall is configured to share 
responsibility for scanning said communications with one or more of said 
plurality of computer nodes; 
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determining whether said first node is capable of scanning said first 
communication for said target content; and 

determining whether said communication satisfies one or more 
criteria in said set of criteria. 

7. (Original) A method of protecting a network of computer nodes from 
computer viruses, wherein the network of computer nodes is connected to a 
firewall, comprising: 

maintaining a set of scanning rules for determining when a 
communication received at a firewall is to be scanned on the firewall and 
when said communication may be scanned by the destination node of said 
communic ation; 

receiving a first communication at the firewall, wherein said first 
communication is intended for a first computer node connected to the 
firewall; 

determining whether a first virus scanner is enabled on the firewall; 

determining whether a second virus scanner is enabled on said first 
computer node; 

identifying a first set of attributes of said first communication; 

determining from said first set of attributes and said rules that said 
first communication is to be scanned on said first computer node; 

forwarding said first communication to said first computer node 
without scanning said first communication for computer viruses, wherein 
said first computer node scans said first communication for computer viruses 
using said second virus scanner; 

receiving a second communication at the firewall; 

identifying a second set of attributes of said second communication; 

determining from said second set of attributes and said rules that the 
firewall is responsible for scanning said first communication for computer 
viruses; and 

operating said first virus scanner to scan said second communication 
for computer viruses. 
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8. (Original) The method of claim 7, wherein said set of scanning rules 
comprises: 

a first subset of firewall rules for application by the firewall to 
determine how to handle said communication; and 

a second subset of proxy rules for application by a proxy operating on 
the firewall to determine how to handle said communication. 

9. (Original) The method of claim 7, wherein said set of scanning rules 
comprises: 

a first subset of scanning rules for determining when said 
communication may be scanned for target content by a destination node of 
said communication instead of the firewall; and 

a second subset of scanning rules for determining when said 
communication is to be scanned on said destination node and not on the 
firewall. 

1 0. (Original) The method of claim 9, further comprising negotiating 
between the firewall and said first node to define said first subset of said 
scanning rules. 

1 1 . (Original) The method of claim 9, further comprising receiving said 
second subset of said scanning rules from a firewall administrator. 

12. (Original) The method of claim 10, wherein said negotiating 
comprises: 

establishing a secure connection between the firewall and said first 

node; 

receiving at the firewall a proposed set of criteria for determining 
when said first node shall scan a communication instead of the firewall; and 

determining whether said proposed set of criteria conflicts with said 
second subset of said scanning rules. 
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13. (Original) The method of claim 1 0, wherein said negotiating further 
comprises providing said first subset of said scanning rules to said first node. 

14. (Original) The method of claim 10, wherein said negotiating further 
comprises sending an updated version of said second virus scanner to said 
first node. 

15. (Original) The method of claim 10, wherein said negotiating is 
performed after said second virus scanner is configured on said first node by 
a user. 

16. (Original) The method of claim 10, wherein said negotiating is 
performed after said first node is rebooted. 

1 7. (Original) A computer readable storage medium storing instructions 
that, when executed by a computer, cause the computer to perform a method 
of scanning a communication received at a firewall for target content, 
wherein the communication is directed to one of a set of computer nodes 
connected to the firewall, the method comprising: 

maintaining on the firewall a scanning module configured to scan 
communications received at the firewall; 

maintaining a set of criteria for determining when one of said 
communications may be scanned at a computer node connected to the 
firewall instead of at the firewall; 

partitioning responsibility for scanning said communications between 
said firewall and a first computer node connected to the firewall; 

receiving a first communication at the firewall, wherein said first 
communication is intended for said first computer node; 

identifying one or mote attributes of said first communication; 

determining from said criteria and said attributes whether to scan said 
first communication for target content on the firewall; 
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determining from said criteria and said attributes whether said first 
computer node is configured to scan said first communication for said target 
content; and 

forwarding said first communication to said first computer node; 
wherein said first computer node receives and scans the 
communication for said target content. 

18. (Original) A computer readable storage medium containing a data 
structure configured to facilitate a determination as to whether a 
communication received at a firewall is to be scanned for target content on 
the firewall or on a destination node of the communication, the data structure 
comprising: 

a first indicator configured to indicate whether a first communication 
scanning module is installed on a firewall; 

a second indicator configured to indicate whether a second 
communication scanning module is installed on a destination node of a 
communication received at the firewall; and 

a set of criteria to be applied to said communication to determine if 
said communication is to be scanned for target content at the firewall or at 
the destination node; 

wherein said second indicator and said set of criteria are configured 
during a negotiation process between the firewall and the destination node. 

1 9. (Original) An apparatus for scanning a communication received at a 
firewall to detect target content, wherein the communication is selectively scanned 
at one of the firewall and a destination node of the communication, comprising: 

a firewall configured to receive a communication from an external entity for 
a first node connected to said firewall, said firewall comprising: 

a first proxy module configured to establish a connection to the 
external entity, 

a first scanning module configured to scan said communication for 
target content; and 
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a set of rules configured to determine whether said communication is 
to be scanned for said target content on said firewall or on the first node; and 
a first computer node connected to the firewall and comprising a second 

scanning module, wherein said first computer node negotiates with said firewall to 

configure a first subset of said rules to identify when said first computer node shall 

scan said communication rather than said firewall; 

wherein a measurement of performance of said firewall is increased as a 

result of said first node scanning one or more communications rather than said 

firewall. 

20. (Original) The apparatus of claim 19, wherein said first node further 
comprises a negotiation module to negotiate with said firewall on behalf of multiple 
scanning modules, including said second scanning module. 

21 . (Original) The apparatus of claim 1 9, wherein said firewall further 
comprises a negotiation module to negotiate with said first node on behalf of 
multiple proxies, including said first proxy module. 

22. (Original) The apparatus of claim 19, wherein said set of rules 
comprises: 

a first set of criteria to be applied for all nodes connected to said firewall and 
all communications received at said firewall to determine if a first communication 
received at said firewall for a first destination node connected to said firewall may 
be scanned for target content by said first destination node rather than said firewall; 
and 

a second set of criteria to be applied for a subset of said all communications 
to determine if said first communication may be scanned for said target content by 
said second destination node rather than said firewall; 

wherein said second set of criteria are applied by said first proxy module and 
said subset of all communications includes communications formatted according to 
a predetermined communication protocol; and 

wherein said first set of criteria is applied prior to said second set of criteria. 
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